Hackers can kill by tweaking pacemaker: US FDA

Medical devices such as wireless pacemakers or defibrillators that help maintain heart rhythm can be hacked into, just like your computers. Many Delhi hospitals are equipping their network with stronger features to prevent any such hacking incident.Durgesh Nandan Jha | TNN | April 28, 2017, 04:09 IST

The warning, issued recently, by the US Food and Drug Administration has sent the medical device industry into a tizzy. It has forced them to prepare for a situation where unscrupulous elements can remotely access the device and give command for rapid battery depletion and/or administration of inappropriate pacing or shocks.

Media reports suggest that former US vice president Dick Cheney was so fearful of an attack by terrorists that he asked doctors to replace his heart defibrillator with a new device without Wi-Fi capability.

Dr Mohan Nair, chief of cardiology at Max Hospital, Saket said that hacking of a remotely controlled device is theoretically possible but, so far, they have not come across any such complaint. “The wireless pacemaker and defibrillators are less common in India compared to the west,” he added.

Suzanne B Schwartz, associate director for science and strategic partnerships at the Center for Devices and Radiological Health, a branch of the US FDA, stated that cyber security threats are real, ever present and continuously changing. “In fact, hospital networks experience constant attempts of intrusion and attack, which can pose a threat to patient safety,” she warned in a recent blog post. FDA recommends manufacturers to build in cyber security controls when they design and develop the device.

Some of the insulin pumps, used by diabetics, are wireless too. Hacking into them is a scary prospect, said endocrinologist Dr Sujeet Jha. “Hackers can use it for ransom or threat to life with compromised security features,” said Nitin Bhatnagar, a Mumbai-based cyber security expert.

Australian web security expert, Tony Hunt, recently revealed that nearly 43,000 sensitive pathology reports, including those of HIV patients, were exposed online by a Mumbai-based laboratory.

Hunt, in his blog, said that he stumbled upon reports containing name, age, gender and tests results of patients in an online folder, which could be easily seen and downloaded. The case was referred to the cyber cell of Mumbai Police. TOI spoke to many top hospitals in Delhi where officials said they were equipping their network with stronger features to prevent hacking.

Dr Anand Bansal, medical director, Sri Balaji Action Medical Institute, said they spend Rs 25 - 30 lakh on cyber security. “We have set up a separate department for cyber security and are investing on educating our staff to remain safe from any cyber frauds,” he said.

Officials at AIIMS said that the National Informatics Centre, the government’s web services unit, has been entrusted with ensuring cyber security.